BSOD Occurs If Malware Process Killed When Sdbxd As Partly Limited [M836]

hi

1. Product version: COMODO Internet Security 7.0.308911.4080 BETA
2. Operating System: Windows 7 Ultimate (x32) running in VMware Player
3. Configuration: Default IS configuration
4. Comodo failed in dealing with the patch, and the blue screen appeared
5. This shows that Comodo at default is without value and does not protect the user from risk
6. This video shows the failure of Comodo
http://www.gulfup.com/?r82XQk

:frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning:

Isn't that a possible KillSwitch-related bug? I may be wrong.

Please be sure that the computer is set to make full kernel dumps. Then upload the kernel dump from this to a file sharing site, such as this one and paste the download link in your first post.

Thanks.

This malware is designed to kill the process when the cause of the blue screen

test in restricted killing process without the advent of the blue screen

System has nothing to do in the Blue Screen

This process can not be killed so designed malware

Do you just mean that this is malware which, if KillSwitch tries to kill it causes a BSOD? If so then this is possibly a bug with KillSwitch. The best way to fix this is to provide me with the kernel dump and a download link to the malware in question.

However, about the malware samples. I have had discussions which have made it clear that I cannot guarantee you any more that samples will not be added to the database. Apparently, if a sample is malicious it will be added to the database so that all CIS users will be better protected. If you like you can submit them and then disable the AV while testing, or manually add the path to the exclusions list.

Thank you.

KillSwitch is not a bug in the malware designed for the purpose Symbol

On this malware is for tests only, not for unethical business

Even if experimented on Task manager will show the blue screen

I'm sorry, but this is the feedback which I have gotten about these malware samples. If dangerous they will be added to the database.

If you can replicate this using just task manager please let me know the detailed steps required to do this. I can then pass this on to the devs. As for the malware, if you are okay with a signature possibly being created (knowing that Comodo will not steal your code or anything nefarious) you may send me a download link.

Thank you.

I can not send the sample, but in the conditions mentioned

Has been testing the Task Manager and Process Hacker

http://www.gulfup.com/?mrIh4A

Okay, I watched the video. To me this looks like you have created a piece of malware which, if killed by any other program, causes the system to BSOD. Thus, this does not appear to be a bug with CIS, but more of a bug with the malware you have created. It is not the job of CIS to prevent other programs from malfunctioning and causing BSOD.

Thus, as this is not a bug with CIS, I will move this post to Resolved (as it is resolved to not be a CIS bug).

The decision is up to you :slight_smile:

but in restricted did not show the blue screen

Is this essentially a piece of malware which intentionally tries to cause a BSOD when terminated? If so then the only way I can think of for the devs to entirely solve this would be to have access to the malware for testing purposes.

However, as you are unwilling to give them complete access (which I still don't understand why you would be worried about the devs adding detection to the database if warranted) I don't see what they can do. Is there a reason you are worried about the devs analyzing your malware sample?

Well the sample has been sent

I'll move this back to the Beta bug reporting board for processing.

Is this sample you have sent me specifically meant to create a BSOD when terminated? Is that the intended behavior?

Thanks.

thanks

Is the sole purpose of this malware to try and create a BSOD when terminated? If not, then what is it meant to do? This information will be important for passing on to the devs.

Also, does the BSOD occur when sandboxed as Limited?

Patch is based on the contact hacker and is fully in control of the victim

test on comodo 6

http://img607.imageshack.us/img607/5499/atqa.png

Okay, so does the BSOD occur if the Behavioral Blocker is set to Limited?

yes When you put on the Mode Sand Box Limited does not show the blue screen